I have an issue where some users are able to access tables that you they shouldn't. I checked their Active Directory Group membership and confirmed that they belong to two groups that don't have permission to these tables. I then ran "EXEC sp_validatelogins" and I found a Group that appears to have been deleted from AD but still exists within SQL Logins and also in SQL Users. This group has db_owner permissions and the users did belong to the group before it was deleted. Even if this group was deleted from AD does the db_owner permission still apply for these users? Can I ran a query that would confirm this?

For the user to have access - the AD group would have still be valid - as it needs to resolve against the AIs it possible they are accesing via some other path?Have you checked which groups these users are members of in the AD itself? Then cross - reference against SQL Server Logins?